You don’t need need to write any conditional logic, because you can only demand all the permissions you need. This works well when you need to verify that a user is a member of multiple groups

Disadvantage of this approach:

By using exception handling to control the flow of your application is slower.

Often, PrincipalPermission checks are used in addition to web.config rules as a failsafe. You can call Demand() to ensure that even if a web.config file has been inadvertently modified, users in the wrong groups won’t be allowed.